Threat Intelligence Blog

Weekly Threat Intelligence Brief: August 8, 2017

Posted August 8, 2017

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Financial Services

“It’s enough to send chills down the spine of any security analyst. Rather than keeping an eye on the hackers, the hackers keep an eye on you, infiltrating your network and stealing your data, before unleashing it to the world in a very public, and very embarrassing way.

That nightmare scenario became reality for the Virginia-based Mandiant Security and one of its employees, Adi Peretz, after hackers spent a year inside of his computer.

Peretz, who works as a Senior Threat Intelligence Analyst, has become the victim of “Operation #LeakTheAnalyst,” and appears to be collateral damage in a backlash against the legitimate security industry. The hackers dumped the contents of his email inbox, as well as several internal Mandiant and FireEye documents.”

Healthcare

“A hacker attack on a women’s healthcare clinic that impacted hundreds of thousands of patients ranks as the second largest ransomware related health data breach reported to date to federal regulators.

In a July 18 statement posted on its website, Women’s Health Care Group of PA, an obstetrician/gynecology practice based in Oaks, Penn., says that the clinic discovered in May that a server and workstation located at one of its offices had been “infected by a virus designed to block access to system files.”

However, forensic analysis indicates that the attack might have begun as early as January, WHCGPA says.”

Information Security

“A newly discovered spyware family that appears designed for cyber-espionage is still under development, G DATA security researchers say.

Dubbed Rurktar, the tool hasn’t had all of its functionality implemented yet, but G DATA says “it is relatively safe to say [it] is intended for use in targeted spying operations.” The malicious program could be used for reconnaissance operations, as well as to spy on infected computers’ users, and to steal or upload files.

The spyware, researchers say, appears to originate from Russia. Some of its internal error messages are written in Russian and the IP addresses used to remotely control the tool are located in the country, which the security firm considers strong indicators of its origin.”

– Security Week

Transportation

“A hacker broke into Virgin America’s corporate network earlier this year, the company has confirmed.

The airline said in a letter to employees, published Thursday, that the hacker had “gained unauthorized access to certain Virgin America information systems containing your data” on March 13.